← Back to context Comment by nabla9 1 day ago That's not true. QUIC's encrypted traffic does not protect against MITM. 8 comments nabla9 Reply viraptor 1 day ago QUIC uses TLS1.2 (or higher), so the guarantees are the same as for HTTPS streams. That means it protects the data streams against MitM. nabla9 19 hours ago Not any different from TLS.1.2 over TCP.https://en.wikipedia.org/wiki/File:HTTP-1.1_vs._HTTP-2_vs._H...Here is good intro for you:The Security Challenges of HTTP/3 and QUIC — What You Need to Know https://medium.com/@RocketMeUpCybersecurity/the-security-cha... lazide 1 day ago Not if they have a root cert. viraptor 17 hours ago That's not a property of QUIC. Yes, if you trust both sides, then you trust both sides. That's not what people normally understand as MitM. 1 reply → Thorrez 21 hours ago If China uses a root cert to issue bogus certs, that'll get caught by certificate transparency. Assuming people use browsers that enforce certificate transparency. 2 replies →
viraptor 1 day ago QUIC uses TLS1.2 (or higher), so the guarantees are the same as for HTTPS streams. That means it protects the data streams against MitM. nabla9 19 hours ago Not any different from TLS.1.2 over TCP.https://en.wikipedia.org/wiki/File:HTTP-1.1_vs._HTTP-2_vs._H...Here is good intro for you:The Security Challenges of HTTP/3 and QUIC — What You Need to Know https://medium.com/@RocketMeUpCybersecurity/the-security-cha... lazide 1 day ago Not if they have a root cert. viraptor 17 hours ago That's not a property of QUIC. Yes, if you trust both sides, then you trust both sides. That's not what people normally understand as MitM. 1 reply → Thorrez 21 hours ago If China uses a root cert to issue bogus certs, that'll get caught by certificate transparency. Assuming people use browsers that enforce certificate transparency. 2 replies →
nabla9 19 hours ago Not any different from TLS.1.2 over TCP.https://en.wikipedia.org/wiki/File:HTTP-1.1_vs._HTTP-2_vs._H...Here is good intro for you:The Security Challenges of HTTP/3 and QUIC — What You Need to Know https://medium.com/@RocketMeUpCybersecurity/the-security-cha...
lazide 1 day ago Not if they have a root cert. viraptor 17 hours ago That's not a property of QUIC. Yes, if you trust both sides, then you trust both sides. That's not what people normally understand as MitM. 1 reply → Thorrez 21 hours ago If China uses a root cert to issue bogus certs, that'll get caught by certificate transparency. Assuming people use browsers that enforce certificate transparency. 2 replies →
viraptor 17 hours ago That's not a property of QUIC. Yes, if you trust both sides, then you trust both sides. That's not what people normally understand as MitM. 1 reply →
Thorrez 21 hours ago If China uses a root cert to issue bogus certs, that'll get caught by certificate transparency. Assuming people use browsers that enforce certificate transparency. 2 replies →
QUIC uses TLS1.2 (or higher), so the guarantees are the same as for HTTPS streams. That means it protects the data streams against MitM.
Not any different from TLS.1.2 over TCP.
https://en.wikipedia.org/wiki/File:HTTP-1.1_vs._HTTP-2_vs._H...
Here is good intro for you:
The Security Challenges of HTTP/3 and QUIC — What You Need to Know https://medium.com/@RocketMeUpCybersecurity/the-security-cha...
Not if they have a root cert.
That's not a property of QUIC. Yes, if you trust both sides, then you trust both sides. That's not what people normally understand as MitM.
1 reply →
If China uses a root cert to issue bogus certs, that'll get caught by certificate transparency. Assuming people use browsers that enforce certificate transparency.
2 replies →